Don't crash when password is unset for user, just deny login
authorJean-Michel Nirgal Vourgère <jmv@nirgal.com>
Mon, 18 Apr 2011 15:38:01 +0000 (15:38 +0000)
committerJean-Michel Nirgal Vourgère <jmv@nirgal.com>
Mon, 18 Apr 2011 15:38:01 +0000 (15:38 +0000)
bin/djais/models.py

index 115d402555c6d0831dc65297b479ffd2e5cf8ea4..be413912a2734860e3c0b2b189d72bf15a3fedf9 100644 (file)
@@ -50,7 +50,10 @@ class User(models.Model):
         self.info('Password changed') # FIXME
 
     def check_password(self, raw_password):
-        algo, salt, hsh = self.password_hash.split('$')
+        password_hash = self.password_hash
+        if not password_hash:
+            return False
+        algo, salt, hsh = password_hash.split('$')
         return hsh == get_hexdigest(algo, salt, raw_password)